What happened?
The telegram.ext / httpx loggers used by openharness.channels.impl.telegram log every Telegram API request at INFO level, including the full URL — which contains the bot token as a path segment:
```
[httpx] INFO HTTP Request: POST https://api.telegram.org/bot<TOKEN>:<SECRET>/getMe "HTTP/1.1 200 OK"
[httpx] INFO HTTP Request: POST https://api.telegram.org/bot<TOKEN>:<SECRET>/getUpdates "HTTP/1.1 200 OK"
```
The Telegram bot token format is <bot_id>:<secret>. Both halves end up in the log path. Anyone with read access to the gateway logs can extract the token and impersonate the bot. This affects any deployment that:
- Uses the default Python logging level (INFO)
- Pipes gateway stdout/stderr to any log file or aggregator
- Shares logs with collaborators / debugging tools
Steps to reproduce
- Configure any Telegram channel via `ohmo`
- Run `ohmo gateway run > /tmp/gateway.log 2>&1`
- `grep "api.telegram.org/bot" /tmp/gateway.log` → bot token visible in URL path
The poll loop runs every ~10s, so the token gets re-logged constantly.
Severity
Practical impact depends on how operators handle logs. For local-only deployments with mode 600 logs, low. For deployments that ship logs to any aggregator (Datadog, CloudWatch, syslog, even a shared /tmp/), the token is exfiltrated. Filing as a bug rather than security advisory because the leak is via the logging API rather than a network or auth boundary, but worth treating as moderate-severity.
Suggested fix
Inside the Telegram channel startup, raise the level for the URL-leaking loggers before the first poll:
```python
import logging
logging.getLogger("httpx").setLevel(logging.WARNING)
logging.getLogger("httpcore").setLevel(logging.WARNING)
logging.getLogger("telegram.ext").setLevel(logging.WARNING)
```
Or filter the URL paths in a LogFilter if INFO is desired for other reasons. I worked around this locally by writing a wrapper script that silences the loggers before invoking ohmo's entry point — works reliably, but should be inside OpenHarness itself.
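The second option, a filter that keeps the INFO request lines but strips the token from them, worked out as an added example. This is not OpenHarness code; the regex for the token segment is an assumption derived from the URL shape in the log lines above, and the sample token in `demo()` is constructed.

```python
import io
import logging
import re

# Telegram bot tokens are "<bot_id>:<secret>" and end up in the request URL as
# a path segment: https://api.telegram.org/bot<bot_id>:<secret>/getMe
# The character class for the secret is an assumption based on the URL shape
# shown in this issue; widen it if your tokens use other characters.
TOKEN_IN_PATH = re.compile(r"(api\.telegram\.org/bot)\d+:[A-Za-z0-9_-]+")


def redact_token(text: str) -> str:
    """Replace the bot token path segment with a fixed placeholder."""
    return TOKEN_IN_PATH.sub(r"\1<REDACTED>", text)


class TelegramTokenFilter(logging.Filter):
    """Rewrite a record's message in place so no handler ever sees the token.

    Returning True keeps the record (unlike raising the logger level, which
    drops the httpx request lines entirely); only the text is changed.
    """

    def filter(self, record: logging.LogRecord) -> bool:
        msg = record.getMessage()          # merge %-args first, then redact
        if TOKEN_IN_PATH.search(msg):
            record.msg = redact_token(msg)
            record.args = ()               # args are already merged into msg
        return True


def attach_to_handlers(logger: logging.Logger) -> int:
    """Attach the filter to every handler of `logger` (e.g. the root logger
    after logging.basicConfig) and return how many handlers were covered.

    A handler-level filter sees records from httpx, httpcore and telegram.ext
    alike; a logger-level filter only sees records logged directly to that
    one logger, not records propagated up from children."""
    flt = TelegramTokenFilter()
    for handler in logger.handlers:
        handler.addFilter(flt)
    return len(logger.handlers)


def demo() -> str:
    """Emit a constructed httpx-style INFO record through a filtered handler
    and return exactly what the handler wrote. The token is constructed."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("[%(name)s] %(levelname)s %(message)s"))
    handler.addFilter(TelegramTokenFilter())

    logger = logging.getLogger("httpx")
    logger.addHandler(handler)
    old_level = logger.level
    logger.setLevel(logging.INFO)
    try:
        # Mirrors the shape of the request lines quoted in this issue.
        logger.info(
            'HTTP Request: %s %s "%s %d %s"',
            "POST",
            "https://api.telegram.org/bot123456789:AAHconstructedSecret_abc-XYZ/getMe",
            "HTTP/1.1",
            200,
            "OK",
        )
    finally:
        logger.removeHandler(handler)
        logger.setLevel(old_level)
    return stream.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

Installing it on the handlers (rather than on the `httpx` logger alone) matters because the record is created in `httpx` but formatted and written by whatever handler the gateway configured on the root logger; filtering at the handler covers every logger that reaches it, including `httpcore` and `telegram.ext`.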
Environment
- macOS 26.x (Apple Silicon, M4 Pro)
- OpenHarness v0.1.9 (released 2026-05-07)
- Python 3.14
- httpx 0.x (whatever openharness's dependencies pull in)
- python-telegram-bot 21.x
Relevant logs
Redacted token portion shown as <TOKEN>:<SECRET>:
```
2026-05-08 20:13:25,921 [httpx] INFO HTTP Request: POST https://api.telegram.org/bot<TOKEN>:<SECRET>/getMe "HTTP/1.1 200 OK"
2026-05-08 20:13:26,275 [httpx] INFO HTTP Request: POST https://api.telegram.org/bot<TOKEN>:<SECRET>/setMyCommands "HTTP/1.1 200 OK"
2026-05-08 20:13:36,512 [httpx] INFO HTTP Request: POST https://api.telegram.org/bot<TOKEN>:<SECRET>/getUpdates "HTTP/1.1 200 OK"
```
After hitting this, I had to revoke the bot token via @BotFather and re-issue a new one. Operators standing up new bots should be warned proactively.
Happy to send a PR.